CVE-2020-15904 - Out-of-bounds Write vulnerability in Pypi Bsdiff4
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 12 |
Common Weakness Enumeration (CWE)
References
- https://github.com/ilanschnell/bsdiff4/blob/master/CHANGELOG.txt
- https://github.com/ilanschnell/bsdiff4/commit/49a4cee2feef7deaf9d89e5e793a8824930284d7